On Delegatability of Four Designated Verifier Signatures
In a paper recently published in ICALP 2005, Lipmaa, Wang and Bao identified a new essential security property, non-delegatability, of designated verifier signature (DVS) schemes. Briefly, in a non-delegatable DVS scheme, neither a signer nor a designated verifier can delegate the signing rights to any third party T without revealing their secret keys. We show that the Susilo-Zhang-Mu identity-based strong DVS scheme, Ng-Susilo-Mu universal designated multi verifier signature scheme, the Laguillaumie-Vergnaud multi-DVS scheme and the Zhang-Furukawa-Imai universal DVS scheme are delegatable. Together with the results of Lipmaa, Wang and Bao, our results show that most of the previously proposed DVS schemes are delegatable. However, the Laguillaumie-Vergnaud and Zhang-Furukawa-Imai schemes may still be secure in practice, since there the only party who can delegate signing is the designated verifier, who may not have motivation to do so. We finish the paper with some discussion on whether the non-delegatability notion of Lipmaa, Wang and Bao is appropriate.
KeywordsDesignated verifier signatures non-delegatability
Unable to display preview. Download preview PDF.
- [Cha96]Chaum, D.: Private Signature and Proof Systems (1996); US-patent no 5,493,614Google Scholar
- [JSI96]Jakobsson, M., Sako, K., Impagliazzo, R.: Designated Verifier Proofs and Their Applications. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 143–154. Springer, Heidelberg (1996)Google Scholar
- [NSM05]Ng, C.Y., Susilo, W., Mu, Y.: Universal Designated Multi Verifier Signature Schemes. In: Xu, C.-Z., Yang, L.T. (eds.) The International Workshop on Security in Networks and Distributed Systems (SNDS 2005), Fukuoka, Japan, July 20–22. IEEE Press, Los Alamitos (2005) (to appear)Google Scholar